Alistair Castillo

UNIVERSITY OF MALTA
DEPARTMENT OF COMPUTERS & COMMUNICATION ENGINEERING
FINAL YEAR PROJECT
B.ENG. (HONS.)
SECURITY SYSTEM USING PHONE CARDS
by
Alistair Castillo
SUPERVISED BY DR. V. BUTTIGIEG
A synopsis submitted in partial fulfilment of
the requirements for the award of
Bachelor of Engineering (Hons.) of the University of Malta
APRIL 1999
INTRODUCTION
The aim of this project is to design and implement a security system, for
example for door locks, using spent phone cards and utilising low cost, off the
shelf components. The system should be tamper-proof and controlled by a
central computer.
The project was designed as shown in the block diagram of Figure 1. The
microcontroller unit (MCU) reads the card and sends the information to the
Power Line Modem (PLM) 1. The PLM 1 transmits the data via mains to PLM 2,
which is controlled by a central computer. This data is received by the
computer and compared to a database, and an ‘open’ or ‘do not open’ signal
is issued and transmitted back to the microcontroller. The signal is interpreted
by the microcontroller, which in turn opens or does not open the door,
depending on the signal.
[Block diagram: Card, Door Lock, Microcontroller, Power Line Modem 1, Power Line, Power Line Modem 2, Central Computer]
FIGURE 1 :- System Block Diagram
PROJECT APPROACH
The project was carried out in the following manner :-
• Research on smart cards, including their memory contents, protocol
and applications.
• Generation of signals required to read the card, and analysis of this
data.
Trp vÃTrÃVvtÃQurÃ8h q 2
• Literature review and choice of power line modems and
microcontrollers available.
• Design and implementation of interface circuits and line drivers for
the power line modems.
• Flowchart design and software programming of the microcontroller,
together with testing and debugging.
• Database set-up, software design and programming of the central
computer.
• Data transmission, system analysis and testing.
PROJECT ANALYSIS
1.0 THE PHONE CARD
A phone card (or smart card) is basically a serial memory device, containing
specific information pre-written on the chip, which can easily be read but not
modified. In particular, each card contains a unique serial number, making
the card suitable for use as a ‘smart key’ in this project. Furthermore, once
a phone card is used up, it becomes useless and can be thrown away, thus
implying no added cost to the project.
Smart cards have replaced most magnetic card applications, notably
in telecommunication payment, because they are far more secure than
magnetic cards. The most sophisticated cards are called microprocessor
cards because they have their own internal operating system that prevents
exchange of data (I/O) unless a PIN code has first been entered into the card.
This type of card operates following the ISO-7816 protocol and is used when
confidentiality is required, for example in bank cards, encrypted TV access
cards and health cards.
Telecommunication companies, however, utilise the cheaper, simpler
memory cards for telecom payment in public phone booths. Even if these
cards are less safe, it is only possible to read the non-confidential data in
these cards, making them suitable for this kind of application. This kind of
card is utilised in the project.
The main features of a phone card are :-
• Synchronous protocol.
• NMOS technology.
• 256 x 1 bit organisation.
• Low power in read mode (85mW).
• Operating temperature range from -10°C to 70°C.
Trp vÃTrÃVvtÃQurÃ8h q 3
• Ten year data retention.
1.1 Timing Diagrams
[Timing diagram: R/W, CLOCK and RESET signals; marked intervals 15 ms and 10 ms]
FIGURE 2 :- Timing Diagram in Read Mode
In order to read the phone cards, three signals are required, a clock signal, a
reset signal and a read/write signal. These can be seen in Figure 2. On every
rising edge of the clock, the data is read serially from the input/output pin.
Hence, since each card has 256 bits of data, 512 signal cycles are required to
read all the data in the card (not shown in Figure 2). The frequency of these
signals can also be varied. These signals are being taken care of by the
microcontroller, which stores the data output in memory. This data can be
filtered, or modified in order to add more security to the system.
Bytes     Contents
1         Check Sum Byte
2         A Phone Card
3-4       Number of Units
5         Manufacturer
6-11      Serial Number
12        Country
13-32     Units Area
FIGURE 3 :- Memory Map of a Phone Card
In this project, only the first twelve bytes are read, filtering the units area,
making both spent and unspent phone cards useable for this system. Hence
unspent phone cards can be utilised both as the normal phone card and as
a key for this system, without any interference. The memory map of the
phone card used is shown in Figure 3.
2.0 THE POWER LINE MODEM
Transmission of data via the power line, rather than hard wire links, was chosen
in this project first and foremost to cut down costs drastically, because no
additional wiring is required. Other transmission methods considered were
RF links, but these are restricted by numerous regulations, and ultrasonic links,
but these are interrupted by walls. Transmission via mains requires the use of
power line modems and their interface circuits.
The power line modem used is the ST7537, which is a half duplex
asynchronous FSK modem designed for communication on domestic electric
mains. It mainly operates from a 10V supply and a 5V supply for the
microcontroller digital interface. It is interfaced to the power line by an
external line driver and a transformer. Its data transmission rate is 1200bps
and its carrier frequency is 132.45kHz. The ST7537 was chosen because it
requires simple, low cost interface circuits and was readily available.
Furthermore, use of an FSK modem is a fundamental design choice that makes it
possible to achieve rugged transmission in a very noisy electrical environment
at an affordable cost. Among the alternatives, amplitude shift keying
modems are too susceptible to noise, and spread spectrum modems, though
theoretically more reliable, require more complex and costly circuits to
interface.
Basically, transmit data enters the FSK modulator asynchronously with a
nominal intra-message data rate of 1200bps. Inside the modulator, the data
is transformed into two frequencies (133.05kHz for a ‘0’ and 131.85kHz for a
‘1’), derived from an inexpensive 11.0592MHz crystal. The modulated signal
from the FSK modulator is filtered by a switched-capacitor band-pass filter to
limit the output spectrum and to reduce the level of harmonic components.
The final stage of the transmit path consists of an operational amplifier which
needs a feedback signal from the power amplifier.
In the receive section, the incoming signal is applied at the Receive
Analogue Input (RAI), with a typical sensitivity of 1mVrms, where it is first
filtered by a switched-capacitor band-pass filter with a pass band of around
Trp vÃTrÃVvtÃQurÃ8h q 5
12kHz, centred on the carrier frequency. The output of the filter is amplified
by a 20dB gain stage which provides symmetrical limitation for over-voltages.
The resulting signal is down-converted by a mixer which receives a local
oscillator synthesised by the FSK modulator block. Finally, an intermediate
frequency band-pass filter whose central frequency is 5.4kHz improves the
signal-to-noise ratio before entering the FSK demodulator. The coupling of
the intermediate frequency filter output to the FSK demodulator input is made
by an external capacitor which cancels the receive path offset.
2.1 Power Line Interface
The power line interface connects the ST7537 to the power lines and meets
the CENELEC and FCC specifications. It has two functions. In transmit
mode, it amplifies and filters the Analogue Transmit Output (ATO)
signal from the ST7537. In receive mode, it provides the received signal from
the power lines to the Receive Analogue Input (RAI) of the ST7537, together
with protection against spikes and over-voltages. It is composed of a line
driver and a line interface as shown in Figure 4.
[Schematic: Line Driver, Line Interface, Mains]
FIGURE 4 :- Application Schematic Diagram
In transmit mode, the power line interface has to be able to drive, via the line
interface, power lines with impedances from 1 to 100Ω. The line interface is
not only used to put signals on the power line. It is also used as a band-pass
filter, in order to reduce the harmonics of the transmitted signal to a level of
less than 52dBmV. In receive mode, the line driver is switched off to avoid the
low output impedance of the line driver attenuating the received signals and
to save energy costs.
3.0 THE MICROCONTROLLER
The microcontroller used is the ST62E30B. It was chosen because again it was
readily available, together with its corresponding starter kit (programmer) and
emulator. Also, it is quite cheap, and re-programmable. Among the
alternatives was the PIC16C84, which is also readily available and quite
cheap, but has fewer I/O pins. In the initial design of the project, the I/O pins of
the PIC would have all been utilised, thus leaving no room for test pins and
improvements. Furthermore, the ST62E30B has an in-built UART, should there
be need of interfacing the microcontroller directly to a computer. On these
grounds, the PIC was discarded from the design.
Besides generating the three signals required to read the phone card, and
storing the data read in memory, the microcontroller is also used to control
one of the power line modems (PLM 1), and the door lock. It is programmed
so that after reading the phone card, it sets the PLM 1 into transmit mode. It
then sends the data in memory to the modem which in turn modulates the
signal and transmits the data over the power line to PLM 2.
Furthermore, in the ST7537 there are two important additional functions, the
Carrier Detector and the Watchdog. Carrier detection is needed because in
practically all applications more than two card readers will be connected to
the power line. Before attempting to transmit, the microcontroller of each
card reader must first check that there is no carrier present, and if there is, it
must wait and retry later. The Watchdog function is provided to ensure that
the modem’s microcontroller is functioning correctly. Software in the
microcontroller includes instructions that send a pulse to the watchdog input
of the ST7537 at least once every 1.5s. If no negative transition is observed at
this input for 1.5s a reset signal is generated to restart the microcontroller. This
watchdog monitor scheme ensures that any disruption caused by glitches
is quickly corrected.
In receive mode, the microcontroller monitors the Carrier Detect line of PLM 1
and on sensing a signal, it reads the data on the RxD pin and processes the
information accordingly. In the project, if the signal sent is a ‘Y’ (i.e. open
lock) the microcontroller lights up a green LED, and if the signal sent is an ‘N’
(i.e. do not open lock) the microcontroller lights up a red LED. However, in
practical applications, the microcontroller activates a door lock via a relay or
Trp vÃTrÃVvtÃQurÃ8h q 7
transistor switch on receiving a ‘Y’ signal and issues a warning sign, for
example a sireen or a flashing light, on receiving an ‘N’ .
4.0 THE CENTRAL COMPUTER
On the other side of the power line there is another modem, PLM 2 which is
controlled directly from a computer, via the RS232 port. A Max232 is required
to convert the voltage levels from 5V to 12V and vice versa. The computer
program monitors the Carrier Detect line of PLM 2, and on sensing a signal, it
reads the data being transmitted, into its buffer. Using a Visual Basic 5
program, the data is then read from the buffer and compared to a field of a
resident database containing information about persons having phone card
keys. If a match is found, an authorised access signal, ‘Y’, is transmitted back
to the microcontroller; if not, an unauthorised access signal, ‘N’, is transmitted
instead.
The database is created beforehand and typically contains personal details,
together with a serial number corresponding to respective phone card keys.
By using a Pascal program on the computer, directly interfaced to a phone
card reader circuit, via the parallel port, new phone cards are read directly
and added to the database together with the personal details of the phone
card owner. In this way, new members are given a key, which can be
withheld simply by restricting their access to rooms, from the database.
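The card-to-decision path described in sections 1.1 and 4.0, as an added example (not the project's own microcontroller, Pascal or Visual Basic code): the reader keeps only the first twelve bytes of the bit stream, and the central computer matches bytes 6-11 against enrolled serial numbers and answers ‘Y’ or ‘N’. The bit order (most significant bit first), all byte values and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CARD_BITS  256 /* 256 x 1 bit organisation */
#define HEADER_LEN 12  /* bytes 1-12 are read; units area (13-32) is dropped */
#define SERIAL_OFF 5   /* serial number = bytes 6-11 of the memory map */
#define SERIAL_LEN 6

/* Reader side: pack the first 96 clocked-out bits into 12 bytes.
 * Assumption: bits arrive most significant bit first. */
static void pack_header(const uint8_t bits[CARD_BITS], uint8_t hdr[HEADER_LEN])
{
    memset(hdr, 0, HEADER_LEN);
    for (size_t i = 0; i < HEADER_LEN * 8; i++)
        hdr[i / 8] = (uint8_t)((hdr[i / 8] << 1) | (bits[i] & 1u));
}

/* Central computer side: 'Y' if the serial number is enrolled, else 'N'. */
static char authorise(const uint8_t hdr[HEADER_LEN],
                      const uint8_t db[][SERIAL_LEN], size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(hdr + SERIAL_OFF, db[i], SERIAL_LEN) == 0)
            return 'Y';
    return 'N';
}

/* Build a constructed 32-byte card image, serialise it to a bit stream as
 * the card would present it, then run the reader and lookup steps. */
static char demo(uint8_t units_fill, uint8_t serial_last)
{
    static const uint8_t db[][SERIAL_LEN] = {
        {0x10, 0x22, 0x35, 0x47, 0x59, 0x6B} /* constructed enrolled serial */
    };
    uint8_t card[32] = {0xA5, 0x83, 0x10, 0x05, 0x1E, /* bytes 1-5 */
                        0x10, 0x22, 0x35, 0x47, 0x59, serial_last, 0x2C};
    uint8_t bits[CARD_BITS], hdr[HEADER_LEN];
    memset(card + HEADER_LEN, units_fill, sizeof card - HEADER_LEN);
    for (size_t i = 0; i < CARD_BITS; i++)
        bits[i] = (card[i / 8] >> (7 - i % 8)) & 1u;
    pack_header(bits, hdr);
    return authorise(hdr, db, sizeof db / sizeof db[0]);
}

int main(void)
{
    printf("%c %c %c\n", demo(0x00, 0x6B), demo(0xFF, 0x6B), demo(0x00, 0x6C));
    return 0;
}
```

The first two calls differ only in the units area and give the same decision, which is why spent and unspent cards behave identically as keys; the third changes one serial byte and is refused.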
PROJECT PROGRESS
The project was handled, as much as possible, in a parallel way rather than in
a sequence of events. In this way, when problems or delays were
encountered work could still be continued on different parts of the project.
This was particularly useful when ordering of components was involved, as this
takes time depending on the supplier. However this has the disadvantage
that the functionality of the different modules has to be delayed to a later
stage.
To date, the design and implementation of the power line interfaces, on
printed circuit boards, are ready and separately functional. The transformer
needed in these interface circuits specified in the data-sheets was not
Trp vÃTrÃVvtÃQurÃ8h q 8
available and difficulty was found trying to replace it. Instead, a transformer
was designed and built using design criteria required for the correct
operation of the interfacing circuits, very cheaply. They can be easily re-built
if tuning is required later on.
The microcontroller has been successfully programmed to read the data in
the phone card, store it in memory and communicate to the power line
modem. However, communication between the power line modems has not
yet been established. This is not an easy task as line matching is required, and
interpretation of data in such a noisy environment could be a problem.
The database has already been set up and the Visual Basic program that
controls PLM 2 and the whole system is also in progress. Once transmission
has been achieved, it is just a question of wrapping up the system with the
Visual Basic program.
CONCLUSION
As already mentioned, results have to be delayed to a later stage, but in the
following month, the project should be functional or at a very advanced
stage. As regards the cost, the objective of a low budget project has already
been achieved because all the components required are in place. Minor
modifications will not affect the overall cost by much.
Although this project was designed for the implementation of one door lock,
it can easily be modified to accommodate more door locks. This is done
simply by assigning each new door lock an address, stored in the respective
microcontroller and used for communication purposes. Although the
microcontroller used has been given an address, it is not particularly useful in
this project.
In practical applications, the data transmitted over the power line has to be
encrypted. Since the mains network is not limited to specific buildings,
transmitted data travels over the whole network, so a person with a power
line modem in an adjacent building can simply plug in a device and
intercept this data.
Notwithstanding these limitations, the project offers some interesting concepts
that can be utilised in practice. The use of a spent, useless phone card as a
key, for one, proves to be very effective and the utilisation of the mains
network as a means of transmission, is another, which can be particularly
enticing for finished, unsecured buildings.